Central Bank of Ireland's 2020 Dear CEO Letter on the Fitness and Probity Regime

Submit a Feature

Legal

Central Bank of Ireland's 2020 Dear CEO Letter on the Fitness and Probity RegimeOn 17 November 2020, the Central Bank of Ireland (“CBI”) published on its website and sent to the management of regulated financial services providers (“firms”) a Dear CEO letter (the “2020 Dear CEO Letter”) highlighting its key findings from a thematic inspection in relation to firms' compliance with requirements of the Fitness and Probity Regime ("F&P Regime").

Context of the 2020 Dear CEO Letter

On 8 April 2019, the CBI published a Dear CEO Letter (the "2019 Dear CEO Letter") on the F&P Regime which noted a lack of awareness amongst firms of their obligations under the F&P Regime and highlighted particular areas where compliance was found to be lacking. See the William Fry Financial Regulation Unit briefing on the 2019 Dear CEO Letter here.

The 2020 Dear CEO Letter has been published following a thematic inspection by the CBI of sample firms in the insurance and banking sectors to assess the level of compliance with the F&P Regime in the context of the CBI having warned firms about the importance of such compliance in the 2019 Dear CEO Letter. The CBI's thematic inspection highlighted a number of common issues and shortcomings under five headings set out below.

The publication of the 2020 Dear CEO Letter precedes the anticipated introduction of a Senior Executive Accountability Regime ("SEAR") which William Fry understands is currently at an advanced stage of drafting. Once introduced, SEAR will complement the CBI's supervisory and enforcement efforts under the F&P Regime as both regimes ultimately aim to promote both firms' and individuals' compliance with fitness and probity and other standards and will hold both firms and individuals to account when such standards are not met. See the William Fry briefing on the proposals for the SEAR regime here.

The focus of the CBI's thematic inspection on fitness and probity

The CBI outlines the focus of the thematic inspection under the following headings. The findings, both positive and negative, are elaborated upon in the appendix to the 2020 Dear CEO Letter (the "Appendix"). The thematic inspection focussed on:

  • Awareness and understanding within firms of their compliance obligations; 
  • Initial and ongoing due diligence processes; 
  • Oversight and control where Pre-Approval Controlled Function (“PCF”) roles or Controlled Function (“CF”) roles have been outsourced; 
  • Processes and channels for effective engagement with the CBI; and 
  • The role of the Compliance Function with regard to the F&P Regime.

Key findings from the CBI's thematic inspection on fitness and probity

The CBI has grouped the shortcomings identified under five key headings which are discussed below. Key action points for firms' attention have also been included.

Role of the board in the fitness and probity process

The CBI found that the level of awareness of board members of their fitness and probity obligations was poor, particularly in relation to appointments of board members. The CBI noted an inappropriate practice in some firms of the CEO screening candidates for appointment to the board. The CBI highlights that it is essential that board members recognise the importance of the F&P Regime and their responsibilities within it, not only for the firm, but also for the board itself. The CBI makes clear that the same high standards and rigour must be observed and applied to board appointments as to those elsewhere within a firm and that the CBI expects boards to demonstrate effective engagement and challenge with respect to PCF and CF appointments.

Key actions:

  • Firms should ensure that board members are aware of the fitness and probity obligations applicable to PCF and CF holders and to the board.
  • Firms should ensure that PCF and CF candidates are scrutinised effectively by the board, and that the board reviews appropriate materials in ascertaining a candidate's fitness and probity, including interview notes, suitability assessments etc.
  • Firms should have in place appropriate procedures to ensure all appointments are conducted according to the CBI's standards as set out in the F&P Regime and in the 2019 Dear CEO Letter and the 2020 Dear CEO Letter/
  • Firms should have in place effective succession plans for the board and the executive team

Conducting due diligence

The CBI found that the area of fitness and probity which was most consistently weak across firms was due diligence including initial due diligence (e.g. lack of evidence of qualifications, adverse media searches, reference checks and judgements searches) and ongoing due diligence. Ongoing due diligence was found to be particularly poor and was often limited to the firm's receipt of an annual self-declaration by the role-holder - which is described as the very minimum expected of firms as regards ongoing due diligence - without any screening or other due diligence by the firm to assess whether any change in an individual's circumstances might impact fitness and probity for a PCF or CF role.

The 2020 Dear CEO Letter highlights that candidates' Individual Questionnaires ("IQs") are endorsed and submitted to the CBI by the firm and that the firm must declare that it has carried out all necessary due diligence enquiries. The CBI states that firms should bring adverse information about a candidate to the attention of the CBI together with an explanation of why, in the firm's view, this does not impact the candidate's suitability for the role in question. The CBI observes that the firm should "disclose all information relevant and potentially relevant to the CBI's assessment of a proposed appointee’s fitness and probity"; that "full and frank disclosure is required" and that "where a firm has a doubt as to the materiality of a piece of information in this regard, this should be disclosed and explained". The 2020 Dear CEO Letter warns that the CBI takes non-disclosure seriously, especially where there is an apparent attempt to mislead. The CBI reminds firms that where a firm becomes aware of concerns regarding fitness and probity of a person performing a PCF or CF role, the firm must investigate such concerns and take appropriate action without delay.

Key actions:

  • Firms should ensure that they have initial and ongoing due diligence processes in place that  meet the CBI's expectations as described above.
  • Firms should ensure that when submitting IQs on behalf of applicants, they are satisfied that the person meets the Fitness and Probity Standards and that they err on the side of caution in disclosure of information to the CBI on the basis that it may be relevant to the CBI's assessment of the candidate's fitness and probity.

Outsourcing of roles subject to the F&P Regime

The CBI found that where PCF or CF roles are outsourced, firms had not conducted the requisite level of due diligence themselves or sought to ensure that the outsourced service provider ("OSP") had conducted the appropriate due diligence when appointing the role-holder to the position.

The CBI notes that firms' obligations regarding fitness and probity apply regardless of whether the PCF or CF role is performed within the firm or outsourced to an unregulated OSP. The CBI highlights that where firms are engaging in outsourcing, they often do not have sufficient procedures in place to enable the firm to determine if any role being performed by the OSP constitutes a PCF or CF role. Accordingly, firms risk failing to identify PCF and CF role holders who are subject to the F&P Regime and failing to conduct due diligence on such persons.

Key actions:

  • Firms must ensure that they have procedures in place to identify and conduct initial and ongoing due diligence on PCF and CF role holders where those roles are outsourced to OSPs.
  • Firms' due diligence procedures should specifically address scenarios where PCF and/or CF roles are outsourced.

Engagement with the CBI

The CBI found that in the majority of firms, processes for engagement with the CBI on fitness and probity issues, including the Individual Questionnaire submission process, were not adequately developed, documented or embedded. The CBI found that many firms did not have robust processes in place to identify, escalate and notify the CBI in a timely manner of potential concerns regarding a PCF or CF role-holder.

Key actions:

Firms should ensure that fitness and probity processes are embedded with the obligation to notify and communicate with the CBI over any potential fitness and probity related concerns.

Role of the Compliance function

The CBI found that many firms were not undertaking robust compliance testing of their fitness and probity processes and procedures. The CBI reminds firms to avoid over-reliance on the Compliance Function to meet the firm's fitness and probity obligations as this may give rise to key person risk.

Key actions:

  • The fitness and probity process should be subject to comprehensive oversight by the Compliance function.
  • The fitness and probity processes should be subject to periodic independent review by the Internal Audit Function to ensure it is fit for purpose.

Conclusion

The CBI concludes that based on its thematic review, many firms do not have due regard for their obligations under the F&P Regime. The CBI reiterates that its 2019 Dear CEO Letter emphasised the importance of compliance with the F&P Regime and identified areas where compliance was found to be inadequate. The CBI states that firms should have undertaken a gap analysis when the 2019 Dear CEO Letter was published - and urges firms in response to the 2020 Dear CEO Letter to "take appropriate action to address the significant issues identified in the Dear CEO Letter" and that firms should be in a position to evidence this to the CBI, if requested.

The CBI states that it is "wholly unacceptable that such shortcomings continue to exist in circumstances where the F&P Regime was introduced 10 years ago". The CBI warns that the failure by a firm to comply with their fitness and probity related obligations may lead to a potential sanction against the firm and against the individual.

Overall actions:

  • Firms should review their fitness and probity obligations as set out in the fitness and probity standards; the CBI guidance on the fitness and probity standards; the 2019 Dear CEO Letter and the 2020 Dear CEO Letter.
  • Firms should conduct a gap analysis to determine any shortcomings in their fitness and probity processes, bearing in mind the particular shortcomings and expectations highlighted by the CBI in the 2020 Dear CEO Letter.
  • Firms should maintain a written record of the firm's response to the 2020 Dear CEO Letter to be in a position to evidence their response to the 2020 Dear CEO Letter if requested to do so by the CBI.

By Shane Kelleher, Louise McNabola and John Aherne of • William Fry